Efficient software-based fault isolation

Wahbe, Robert; Lucco, Steven; Anderson, Thomas E.; Graham, Susan L.

doi:10.1145/173668.168635

Cited by 322 publications

(261 citation statements)

References 21 publications

Supporting

Mentioning

258

Contrasting

Unclassified

Order By: Relevance

“…In an early published use, it described an approach for achieving fault isolation (Wahbe et al, 1993). Discussions where practicing programmers are trying to understand what sandboxing is often fail to achieve a precise resolution and instead describe the term by listing products that are typically considered to be sandboxes or cases where sandboxes are often used (http://stackoverflow.com/questions/2126174/what-is-sandboxing, http://security.…”

Section: What Is a Sandbox?mentioning

confidence: 99%

“…Indeed, Wahbe was working to solve the problem of encapsulating software modules (to keep a fault in a distrusted module from affecting other modules) when he popularized the term in this domain. 1 1 While it is clear from at least one publication that the term sandbox was used in computer security earlier than Wahbe's paper (Neumann, 1990), many early software protection papers cite Wahbe as the origin of the "sandbox" method (Zhong, Edwards & Rees, 1997;Wallach et al, 1997;Schneider, 1997). At least one early commentator felt that this use of the term "sandbox" was merely renaming "trusted computing bases" (TCB) (McLean, 1997).…”

Section: What Is a Sandbox?mentioning

confidence: 99%

See 1 more Smart Citation

A systematic analysis of the science of sandboxing

Maass

Sales

Chung

et al. 2016

PeerJ Computer Science

View full text Add to dashboard Cite

Sandboxes are increasingly important building materials for secure software systems. In recognition of their potential to improve the security posture of many systems at various points in the development lifecycle, researchers have spent the last several decades developing, improving, and evaluating sandboxing techniques. What has been done in this space? Where are the barriers to advancement? What are the gaps in these efforts? We systematically analyze a decade of sandbox research from five top-tier security and systems conferences using qualitative content analysis, statistical clustering, and graph-based metrics to answer these questions and more. We find that the term "sandbox" currently has no widely accepted or acceptable definition. We use our broad scope to propose the first concise and comprehensive definition for "sandbox" that consistently encompasses research sandboxes. We learn that the sandboxing landscape covers a range of deployment options and policy enforcement techniques collectively capable of defending diverse sets of components while mitigating a wide range of vulnerabilities. Researchers consistently make security, performance, and applicability claims about their sandboxes and tend to narrowly define the claims to ensure they can be evaluated. Those claims are validated using multi-faceted strategies spanning proof, analytical analysis, benchmark suites, case studies, and argumentation. However, we find two cases for improvement: (1) the arguments researchers present are often ad hoc and (2) sandbox usability is mostly uncharted territory. We propose ways to structure arguments to ensure they fully support their corresponding claims and suggest lightweight means of evaluating sandbox usability.

show abstract

Section: What Is a Sandbox?mentioning

confidence: 99%

Section: What Is a Sandbox?mentioning

confidence: 99%

A systematic analysis of the science of sandboxing

Maass

Sales

Chung

et al. 2016

PeerJ Computer Science

View full text Add to dashboard Cite

show abstract

“…Centralized, general purpose security kernels [13] generally suffered from this problem [14]. Current work to develop languagebased security mechanisms aims for simple enforcement mechanisms, but ones that are distributed throughout the program [15,16].…”

Section: Minimize the Variety Size And Complexity Of Trusted Componmentioning

confidence: 99%

“…3 This approach was reasonably successful in some Burroughs machines [21], and has reappeared in current Java language systems, which attempt to certify that a program of Java bytecode is safe to run before dispatching it. As the introduction of lightweight processes and threads has weakened the boundaries between computations in order to reduce the time needed to swap contexts, methods for introducing inline checks to assure security properties have gained interest, as reflected by the work of Wahbe et al [15] on software fault isolation and Schneider [22] on security automata. Certifying code before it is run has also gained interest, as reflected by work on proof-carrying code [23] and static flow analysis [24] of computations.…”

Section: Defining Domainsmentioning

confidence: 99%

Computer security

Landwehr

2001

IJIS

View full text Add to dashboard Cite

A strong factor in the early development of computers was security -the computations that motivated their development, such as decrypting intercepted messages, generating gunnery tables, and developing weapons, had military applications. But the computers themselves were so big and so few that they were relatively easy to protect simply by limiting physical access to them to their programmers and operators. Today, computers have shrunk so that a web server can be hidden in a matchbox and have become so common that few people can give an accurate count of the number they have in their homes and automobiles, much less the number they use in the course of a day. Computers constantly communicate with one another; an isolated computer is crippled. The meaning and implications of "computer security" have changed over the years as well. This paper reviews major concepts and principles of computer security as it stands today. It strives not to delve deeply into specific technical areas such as operating system security, access control, network security, intrusion detection, and so on, but to paint the topic with a broad brush.1 What is computer security?Secure has its etymological roots in se -without, or apart from, and cura to care for, or be concerned about [1]. So, in the broadest sense, we might say a computer is secure if it is free from worry and if it is safe from threats, and computer security is the discipline that helps free us from worrying about our computers. Of course one might be foolishly secure, simply out of ignorance (this is another of the dictionary definitions for the word). In fact, people have worried about the security of their computers for many years, and computer security concerns are a significant factor today in the development and application of computer technology throughout society.Today, securing a computer for an e-commerce application may mean first assuring that the system will be available for use and will deliver uncorrupted information. Assuring the confidentiality of the information delivered may not be important at all if the system is simply acting as an online catalog of merchandise, though of course if it is used to accept credit card numbers, they will require protection. This emphasis reverses the traditional focus of some military and intelligence organizations on preserving confidentiality.In military systems, the first generation of computer security measures aimed to prevent security violations, and researchers developed technologies that could be counted on to prevent computers from leaking sensitive data. The market adopted few of these technologies, however, and a second generation of security technologies, characterized by firewalls and intrusion detection systems, aimed to at least detect and limit security violations that could not be prevented. Efforts are now underway to develop a third generation of security technologies and architectures that will have the ability to tolerate attacks and continue to provide critical functions, albeit in a degraded mode, while ...

show abstract

“…Third, PCC provides an expressive framework for treating a variety of mobile code safeties, owing to the use of first-order predicate logic (Necula, 1997), higher-order logic (Appel and Felty, 2000), or temporal logic (Bernard and Lee, 2002) as its underlying inference engine. This generality might be contrasted with the use of some specific type systems (Bershad et al, 1995;Lindholm and Yellin, 1999) or with the treatment of some specific safety properties (Wahbe et al, 1993). Fourth, the static verification mechanism in PCC enables each code to be executed quickly without any additional run-time checks.…”

Section: Introductionmentioning

confidence: 99%

Interactive and Probabilistic Proof of Mobile Code Safety

Tsukada¹

2005

Autom Software Eng

View full text Add to dashboard Cite

This paper proposes a new proof-based approach to safe evolution of distributed software systems. Specifically, it extends the simple certification mechanism of proof-carrying code (PCC) to make it interactive and probabilistic, thereby devising interactive proof-carrying code (iPCC). With iPCC, a code consumer is convinced, with overwhelming probability, of the existence and validity of a safety proof of a transmitted code through interaction with a code producer. The iPCC mechanism theoretically solves the problem of proof explosion with PCC and can be used to efficiently prove a greater variety of safety properties that may require longer proofs. Technically, the class (PSPACE) of safety properties that are efficiently provable by iPCC is larger than the class (NP) efficiently provable by PCC. To illustrate the power of iPCC, this paper demonstrates that the verification of certain basic safety properties of typical machine instruction codes needs co-NP-complete computation, and shows how these safety properties can be efficiently verified by the iPCC mechanism.

show abstract

Efficient software-based fault isolation

Abstract: One way to provide fault isolation among cooperating software modules is to place each in its own address space. However, for tightly-coupled modules, this so-

Cited by 322 publications

References 21 publications

A systematic analysis of the science of sandboxing

A systematic analysis of the science of sandboxing

Computer security

Interactive and Probabilistic Proof of Mobile Code Safety

Contact Info

Product

Resources

About